Internal Audit is a fast growing profession in India. For companies, it got legal recognition with the introduction of the Manufacturing and Other Companies (Auditors’ Report) Order, 1975, implemented effective 1-1- 1976. The statutory auditors had to comment, for certain class of companies, whether the internal audit system was commensurate with the size and nature of the business. A major revision to this Order, titled as Companies (Auditor’s Report), Order, 2003 (CARO), as amended in 2004, continued with this requirement. Subsequently, in February 2000, SEBI accepted the recommendations of the Kumar Mangalam Birla Committee on Corporate Governance and inserted a separate Clause 49 in the listing agreement which included Internal Audit and laid down its relationship with the Audit Committee. The Companies Act, 2013 now mandatorily requires appointment of an Internal Auditor by the Board for certain class of companies and prescribed rules thereunder. Internal Auditing is being recognized as a profession.
The role of Internal Audit has assumed a different dimension as a key element of organizational governance. Internal auditing has moved from a traditional financial audit role to risk-based audit that provides assurance, advice and insight in risk management, internal controls and governance. It plays a critical role in protecting and enhancing organizational value and is increasingly becoming a change agent and a business partner.
IIA India works together with The IIA in providing Internal Auditing Practitioners, Executive Management and Board of Directors with standards, guidance and information on best practices in Internal Auditing. The Global IIA has developed several resources, toolkits and materialswhich are ideal for elevating the profession and enhancing professionalism.
What is Internal Auditing?
Performed by professionals with an in-depth understanding of the business culture, systems, and processes, the internal audit activity provides assurance that internal controls in place are adequate to mitigate the risks, governance processes are effective and efficient.
The Institute of Internal Auditors (IIA) has developed the globally accepted definition of internal auditing, as follows:
Internal Auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Independence is established by the organizational and reporting structure. Objectivity is achieved by an appropriate mind-set. The internal audit activity evaluates risk exposures relating to the organization's governance, operations and information systems, in relation to:
- Effectiveness and efficiency of operations.
- Reliability and integrity of financial and operational information.
- Safeguarding of assets.
- Compliance with laws, regulations, and contracts.
Based on the results of the risk assessment, the internal auditors evaluate the adequacy and effectiveness of how risks are identified and managed in the above areas. They also assess other aspects such as ethics and values within the organization, performance management, communication of risk and control information within the organization in order to facilitate a good governance process.
The internal auditors are expected to provide recommendations for improvement in those areas where opportunities or deficiencies are identified. While management is responsible for internal controls, the internal audit activity provides assurance to management and the audit committee that internal controls are effective and working as intended. The internal audit activity is led by the chief audit executive (CAE) or the head of internal audit. The CAE delineates the purpose, scope, authority, responsibility and independence of the internal audit activity in a writtencharter that is approved by the audit committee.
An effective internal audit activity is a valuable resource for management and the board or its equivalent, and the audit committee due to its understanding of the organization and its culture, operations, and risk profile. The objectivity, skills, and knowledge of competent internal auditors can significantly add value to an organization's internal control, risk management, and governance processes. Similarly an effective internal audit activity can provide assurance to other stakeholders such as regulators, employees, providers of finance, and shareholders.
As the primary body for the internal audit profession, The IIA maintains the International Standards for the Professional Practice of Internal Auditing and the Code of Ethics. IIA members are required to adhere to the Standards and Code of Ethics.